fix: search box position and security change

This commit moves the search box above the paginator, and fixes a security problem.

ATTENTION! The version which has search box MUST update to the newest version IMMEDIATELY, the old version did not process the escape of the string, may cause SQL injection problems.
This commit is contained in:
MascoSkray 2017-06-28 13:32:44 +08:00
parent 4fd63e8070
commit b77834a182
No known key found for this signature in database
GPG Key ID: 6ABABD8325167A2E


@ -56,7 +56,6 @@ EOD;
$cond = array(); $cond = array();
$search_tag = null; $search_tag = null;
$search_word = $_GET["search"];
$cur_tab = isset($_GET['tab']) ? $_GET['tab'] : 'all'; $cur_tab = isset($_GET['tab']) ? $_GET['tab'] : 'all';
if ($cur_tab == 'template') { if ($cur_tab == 'template') {
@ -68,8 +67,8 @@ EOD;
if ($search_tag) { if ($search_tag) {
$cond[] = "'".DB::escape($search_tag)."' in (select tag from problems_tags where problems_tags.problem_id = problems.id)"; $cond[] = "'".DB::escape($search_tag)."' in (select tag from problems_tags where problems_tags.problem_id = problems.id)";
} }
if($search_word) { if (isset($_GET["search"])) {
$cond[]="title like '%".$search_word."%' or id like '%".$search_word."%'"; $cond[]="title like '%".DB::escape($_GET["search"])."%' or id like '%".DB::escape($_GET["search"])."%'";
} }
if ($cond) { if ($cond) {
@ -136,7 +135,12 @@ EOD;
<?= HTML::tablist($tabs_info, $cur_tab, 'nav-pills') ?> <?= HTML::tablist($tabs_info, $cur_tab, 'nav-pills') ?>
</div> </div>
<div class="col-sm-4"> <div class="col-sm-4">
<?php echo $pag->pagination(); ?> <form id="form-search" class="input-group form-group" method="get">
<input type="text" class="form-control" name="search" placeholder="<?= UOJLocale::get('search')?>" />
<span class="input-group-btn">
<button type="submit" class="btn btn-search btn-primary" id="submit-search"><span class="glyphicon glyphicon-search"></span></button>
</span>
</form>
</div> </div>
<div class="col-sm-4 checkbox text-right"> <div class="col-sm-4 checkbox text-right">
<label class="checkbox-inline" for="input-show_tags_mode"> <label class="checkbox-inline" for="input-show_tags_mode">
@ -149,12 +153,7 @@ EOD;
</div> </div>
<div class="row"> <div class="row">
<div class="col-xs-10 col-xs-push-1 col-sm-6 col-sm-push-3 input-group"> <div class="col-xs-10 col-xs-push-1 col-sm-6 col-sm-push-3 input-group">
<form id="form-search" class="input-group form-group" method="get"> <?php echo $pag->pagination(); ?>
<input type="text" class="form-control" name="search" placeholder="<?= UOJLocale::get('search')?>" />
<span class="input-group-btn">
<button type="submit" class="btn btn-search btn-primary" id="submit-search"><span class="glyphicon glyphicon-search"></span></button>
</span>
</form>
</div> </div>
</div> </div>
<div class="top-buffer-sm"></div> <div class="top-buffer-sm"></div>
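Review bot: The new search condition in the second hunk (`if (isset($_GET["search"]))`) still appends `title like ... or id like ...` without parentheses, so if the `$cond` entries are later joined with `and` (the `if ($cond)` block that follows runs outside this hunk), the tag condition added just above it would apply only to the `title` half and any row whose id matches the search would bypass the tag filter. Wrapping the expression fixes the precedence: `$cond[] = "(title like '%".DB::escape($_GET["search"])."%' or id like '%".DB::escape($_GET["search"])."%')";`. `DB::escape` presumably handles quote escaping, but it will not neutralise `%` and `_`, which remain LIKE wildcards inside the user-supplied pattern, and the switch from the old truthiness check to `isset` now accepts an empty `search=` that yields `like '%%'`; escaping the search term into a local once, backslash-escaping `%` and `_` before building the pattern, and skipping the condition when the term is empty would keep the query bounded. A parameterised query would be the stronger fix if the DB layer supports it, which is not visible here.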